April Fools came early for the U.S. Department of Justice this year.
In 2009, information and data security has become (or rather, should be) a top priority for all businesses and government entities. The United States Department of Justice is no different. Last week, someone high up in the DOJ authorized and initiated a hoax mass email pertaining to the Federal Retirement Thrift Investment Board. According to the AP, the email was sent and signed by one "Thrift Savings Plan Account Coordinator".
The email linked readers to a website that asked for their Savings Plan account information by January 31st. Thankfully, a number of DOJ employees immediately found the fraudulent site out and sent out emails to the entire department warning not to follow the instructions. One Oregon employee, classified by the AP as a "national security specialist", sent his own mass email out entitled "URGENT - TSP hoax", in which he warned co-workers of the ruse.
Late last week, the Justice dept. acknowledged the hoax email, saying it was a security exercise. "We have learned that the messages are part of a hoax invented and distributed by DOJ to test employee security awareness," said Ted Shelkey, the DOJ's assistant director for information systems security. "The message and the site purported to be the bailout Web site are not malicious. There is no need to distribute warning messages to colleagues and law enforcement contacts. Please delete all such messages and associated alerts."
So what are the Federal Retirement Thrift Investment Board and Thrift Savings Plan? The independent board administers the TSP, which acts as a sort of 401(k) plan for federal employees, with both the employees and employers adding funds. As of 2007, there were nearly four million members. The board acknowledged the email scam on its website, but took down notices and warnings when the DOJ admitted to the hoax.
"This specific exercise was successfully completed within the defined time period," said DOJ spokesperson Gina Talamona. "Scenarios are intended to represent an example of persistent cyber threats facing today's Internet users."
In a time when data loss and security breaches are at an all time high, it's good to see the DOJ keeping employees on their toes.